Security Alerts and Updates

Latest Security Updates for Apple Software
Latest Security Tests from AV-Comparatives

May 2022 (Click listings for more information).
24. Windows 11 KB5014019 update fixes app crashes, slow copying.
24. DuckDuckGo browser allows Microsoft trackers per agreement.
24. Mozilla security updates address zero-day vulnerabilities.
24. Screencastify Chrome extension flaws allow webcam hijacks.
24. Chrome 102 is coming today with window controls overlay.
24. Most users should be fine after installing this month’s updates.
23. GM credential stuffing attack exposed car owners’ personal info.
23. Online accounts can be hacked before you even register them.
23. Spyware is loading Predator malware on Android devices.
22. This Week in Security – May 22 – by Zack Whittaker.
22. PDF smuggles Microsoft Word doc to drop keylogger malware.
22. Predator spyware infected Android devices using zero-days.
21. Ewaste or usable – week 3 – by Susan Bradley.
21. Mozilla patches two security issues in Firefox & Thunderbird.
20. The Week in Ransomware – Another one bites the dust.
20. Microsoft disables telemetry in Windows 11 Subsystem for Android.
20. Emergency Windows 10 updates fix Microsoft Store app issues.
20. Microsoft Store apps failed to install on Intel & AMD Ryzen PCs.
19. Netgear fixes Orbi firmware update that locked admin console.
19. Microsoft updates fix Windows AD authentication issues.
19. Microsoft detects a surge in Linux XorDDoS malware activity.
19. Phishing websites now use chatbots to steal your credentials.
18. Surface Duo 2 gets May 2022 firmware update.
18. Senators Urge FTC to Probe Over Selfie Data.
17. NVIDIA fixes 11 vulnerabilities in Windows GPU display drivers.
17. App Store subscriptions can charge you more without approval.
17. Vector Graphics Editor Inkscape 1.2 is now available.
17. Guide: Here’s how to uninstall Windows 11 updates.
16. HTML attachments remain popular among phishing actors.
16. Third-party web trackers log what you type before submitting.
16. Apple releases several updates including fixes for zero days.
16. Kali Linux 2022.2 released with 10 new tools and more.
16. Sophos antivirus caused BSODs after KB5013943 update.
15. This Week in Security – May 15 – by Zack Whittaker.
15. Fake Pixelmon site infects with password-stealing malware.
15. Admins frustrated by Quick Assist moving to Microsoft Store.
14. Ewaste or usable – week 2 – by Susan Bradley.
14. Firefox 100.0.1 improves Windows process isolation.
13. The Week in Ransomware – A National Emergency.
12. May Windows updates cause AD authentication failures.
11. Windows 11 KB5013943 update causes application errors.
11. Microsoft: Windows 10 20H2 has reached end of service.
11. HP fixes bugs allowing overwriting of firmware in products.
11. Microsoft fixes Windows Direct3D issue behind app crashes.
11. Windows 11 update broke ancient DirectX 9 on “certain GPUs”.
11. Original Surface Duo gets camera improvements & bug fixes.
10. Microsoft 365 Apps resolves issues with Excel, Outlook, & Word.
10. Windows 11 update fixes screen flickers & .NET app issues.
10. Updates for Windows 8.1 and Windows 7 are out now.
10. Microsoft Patch Tuesday fixes 3 zero-days and 75 flaws.
10. Windows 10 KB5013942 & KB5013945 updates released.
10. Here come the May updates. – by Susan Bradley.
09. Want a discount on your Internet? – by Susan Bradley.
09. Revo Uninstaller Pro 5.0.0 released with improvements.
09. Hackers are now hiding malware in Windows Event Logs.
08. This Week in Security – May 8 – by Zack Whittaker.
08. Caramel credit card stealing service is growing in popularity.
07. Ewaste or usable? – by Susan Bradley.
07. Trend Micro antivirus modified Windows registry by mistake.
06. The Week in Ransomware – An evolving landscape.
06. QNAP fixes QVR remote command execution vulnerability.
05. Raspberry Robin uses Windows Installer to drop malware.
05. Microsoft, Apple, & Google to adopt FIDO passwordless logins.
05. Google fixes actively exploited Android kernel vulnerability.
05. NetDooka malware spreads via poisoned search results.
05. MS-DEFCON 2: 2004 is out of support – by Susan Bradley.
04. Windows 11 KB5012643 update will break some apps.
04. Mitsubishi Electric faked safety and quality control tests.
04. Mozilla releases security updates for Firefox & Firefox ESR.
03. New phishing warns: Your verified Twitter account may be at risk.
03. PowerToys 0.58.0 released: building for native ARM64, more.
03. May 2022 Office non-Security updates are now available.
03. Firefox 100 – video improvements and improved scrollbars.
03. Unpatched DNS bug affects millions of routers & IoT devices.
03. AV-Comparatives finds Microsoft Defender hogs your system.
02. Google SMTP relay service abused for phishing emails.
02. Microsoft updates Surface app on Windows 10 and 11.
01. This Week in Security – May 1 – by Zack Whittaker.
01. Google fights doxxing with updated personal info removal.
01. Microsoft Defender is causing high memory usage, more.

April 2022 (Click listings for more information).
30. Windows 11 gets a fix for Safe Mode flickering bug.
30. Fake Windows 10 updates infect you with ransomware.
30. Surface Pro 7+ gets April 2022 firmware update.
29. The Week in Ransomware – New operations emerge.
29. Firefox for Android now has a toggle for HTTPS-Only mode.
29. Surface Book 3 gets storage stability improvements.
29. Microsoft Edge 101 patches 25 security issues.
28. EmoCheck now detects new 64-bit versions of Emotet malware.
28. Windows 11 update has an annoying Safe Mode flickering bug.
28. Synology warns of critical Netatalk bugs in multiple products.
28. Brave update: improved Shields panel & De-AMP privacy feature.
27. Google gives more options for removing personal information.
27. QNAP warns users to disable AFP until it fixes critical bugs.
27. Exploit Kit drops RedLine malware via Internet Explorer bug.
27. Surface Go 3 gets its first firmware update.
27. New Linux vulnerabilities give hackers root privileges.
26. Emotet now installs via PowerShell in Windows shortcut files.
26. Google Play Store forces apps to disclose data collected.
26. Chrome 101 update has privacy-preserving ad profiling.
26. New Windows 11 optional update fixes startup delay bug.
26. April updates are a go for installation – by Susan Bradley.
25. IoT devices remained highly vulnerable in 2021.
25. AMD’s new 22.4.2 driver fixes a FreeSync display issue.
25. Windows 10 KB5011831 update released with 26 bug fixes.
25. Emotet malware infects users after fixing broken installer.
25. Powerful Prynt Stealer malware sells for just $100 per month.
24. Windows 11 default apps take up more than 1.5GB of disk space.
23. This Week in Security – April 23 – by Zack Whittaker.
22. T-Mobile confirms Lapsus$ hackers breached internal systems.
22. Windows 10 KB5012636 update fixes freezing issues.
22. Google Messages bug could be draining your phone’s battery.
21. QNAP asks users to mitigate Apache HTTP Server bugs.
21. Bug in Android could allow access to users’ media files.
20. Chrome Web Store now helps you find the best extensions.
20. Microsoft Authenticator can now generate strong passwords.
20. Microsoft Defender falsely flags Chrome updates as suspicious.
20. Windows Terminal v1.12.1098 fixes Windows 10 crash issue.
19. Attackers now exploiting Windows Print Spooler bug.
19. Emotet botnet switches to 64-bit modules, increases activity.
19. QNAP urges disabling UPnP port forwarding on routers.
19. New BotenaGo malware variant targets DVR devices.
19. Lenovo firmware driver bugs affect over 100 laptop models.
18. Decryptor released for Yanluowang ransomware victims.
18. Workaround for security issue in 7-Zip until it is fixed.
18. Unofficial Windows 11 upgrade installs malware.
18. Windows 10 21H2 is now available to everyone.
17. Office 2013 will reach end of support in April 2023.
16. Vivaldi and Microsoft patch 0-day in their browsers.
15. The Week in Ransomware – Encrypting Russia.
15. T-Mobile customers warned of SMS phishing attacks.
15. ‘Mute’ button in conferencing apps may not actually mute.
14. Google Chrome emergency update fixes active zero-day.
14. Windows 11 tool to add Google Play installed malware.
14. New infostealer drops more malware, cryptominers.
14. Instagram – sexual harassers, crypto crooks, ID thieves.
14. Payment app users targeted in social engineering attacks.
14. Browsers are crashing after installation of Windows Updates.
13. Hackers exploit critical VMware CVE-2022-22954 bug.
13. New EnemyBot DDoS botnet recruits routers and IoTs.
12. Windows 11 KB5012592 cumulative update released.
12. Microsoft releases updates for Windows 7 and 8.1.
12. Surface Duo & Duo 2 receive April 2022 firmware update.
12. Microsoft April Patch Tuesday fixes 119 flaws, 2 zero-days.
12. Windows 10 KB5012599 & KB5012591 updates released.
12. Firefox 99.0.1 maintenance update released.
11. Qbot switches to new Windows Installer infection vector.
11. Android banking malware intercepts calls to customer support.
10. This Week in Security – April 10 – by Zack Whittaker.
10. New Meta information stealer distributed in malspam campaign.
10. Edge gets performance boost with updated sleeping tabs.
09. New Android malware remotely takes control of your device.
08. Microsoft’s announcements this week – by Susan Bradley.
08. Windows 10 20H2 reaches end of service next month.
08. PowerToys 0.57.2 fixes FancyZones rounded corners, more.
08. Raspberry Pi removes default user to hinder brute-force attacks.
07. Android apps with 45 million installs used data harvesting SDK.
07. MS-DEFCON 2: Deferring April – by Susan Bradley.
06. New malware steals Facebook, Instagram, Twitter accounts.
06. AMD graphics drivers are messing up Ryzen settings in BIOS.
06. Multiple .NET Framework versions reach end of life in April.
05. Cash App notifies 8.2 million US customers of data breach.
05. Microsoft fixes Win10 apps rendering outside their window.
05. Microsoft fixes IE11 issue blocking Windows 11 upgrades.
04. WhatsApp voice message phishing emails push malware.
03. This Week in Security – April 3 – by Zack Whittaker.
02. Do you want a bit more in private browsing? – by Susan B.
02. American Express down in outage: login and payment issues.
02. Microsoft Update Catalog downloads are now using HTTPS.
01. Edge 100 has PDF previews and memory integrity protection.
01. The Week in Ransomware – ‘I can fight with a keyboard’.
01. Russian Android malware records audio, tracks your location.
01. Beastmode botnet boosts DDoS power with new router exploits.
01. Firefox 100 requires Windows Update KB4474419 on Windows 7.
01. Microsoft adds Windows 11 upgrade block due to IE11 issue.

March 2022 (Click listings for more information).
31. Phishing Azure Static Web Pages to impersonate Microsoft.
31. Zyxel patches critical bug affecting firewall & VPN devices.
31. Apple update fixes zero-days used to hack iPhones, Macs.
31. Calendly actively abused in Microsoft credentials phishing.
30. PowerToys 0.57.0 release focuses on stability & improvements.
30. QNAP warns OpenSSL bug affects most of its NAS devices.
30. Mazda infotainment crash shows how fragile car security is.
29. Google Chrome 100 released with new features, icon, more.
29. Mars Stealer malware pushed via OpenOffice ads on Google.
29. FTC sues Intuit for misleading TurboTax ‘free tax filing’ ads.
29. FBI warns election officials of credential phishing attacks.
29. Wyze Cam flaw lets hackers remotely access saved videos.
29. Microsoft releases KB5011563 Update Preview for Windows 11.
28. New Windows security feature blocks vulnerable drivers.
28. Windows 11 update fixes SMB, DirectX blue screens.
28. Surface Laptop 4 AMD and Surface Studio 2 updated.
27. This Week in Security – Mar 27 – by Zack Whittaker.
27. Microsoft releases emergency security update for Edge.
27. Sophos Firewall vulnerability allows remote code execution.
26. The browser is your operating system – patch it!
26. Western Digital fixes bug giving root on My Cloud NAS devices.
26. Windows Terminal now has a Windows 11 only package, more.
25. FCC says Kaspersky poses a risk to national security.
25. The Week in Ransomware – Critical infrastructure.
25. Emergency Chrome update fixes zero-day used in attacks.
25. URL trick enabled WhatsApp, Signal, iMessage phishing.
25. Honda bug lets a hacker unlock and start your car.
24. Morgan Stanley client accounts breached in attacks.
24. Western Digital My Cloud OS update fixes critical vulnerability.
24. Malicious Microsoft Excel add-ins used to deliver malware.
24. Microsoft Help Files Disguise Vidar Malware.
24. Tax-season scammers spoof fintechs, including Stash, Public.
24. Seeing battery drain issues on your iPhone?
23. Microsoft PowerToys breaks Outlook PDF preview.
23. Windows 10 (KB5011543) fixes BSOD bug from Bluetooth.
23. Firefox 98.0.2 fixes a crash on Windows, an add-ons issue, more.
22. Windows 10 update released with Search highlights feature.
22. macOS malware of Chinese hackers ‘Storm Cloud’ exposed.
22. Microsoft hacked? What’s OKTA? – by Susan Bradley.
22. Lots of HP printer models vulnerable to remote code execution.
22. For most computer users, it’s time to get the updates rolled out.
21. BitRAT malware spreading as a Windows 10 license activator.
21. Android password-stealing malware infects Google Play users.
21. Windows 0-day flaw giving admin rights gets unofficial patch.
20. This Week in Security – Mar 20 – by Zack Whittaker.
20. Western Digital app bug elevates privileges in Windows, macOS.
19. Phishing kit lets anyone create fake Chrome browser windows.
18. The Week in Ransomware – Targeting the auto industry.
18. Latest Microsoft Edge & Chrome fix many vulnerabilities.
18. Tile launches an anti-stalking feature to warn of trackers.
18. Internet Explorer 11 retires in three months.
17. New Unix rootkit used to steal ATM banking data.
17. Each Firefox download has a unique identifier.
17. Cyclops Blink malware attacks targeting ASUS routers.
17. Microsoft tool scans MikroTik routers for TrickBot infections.
16. Malware sneaking into iOS through testing unvetted apps.
16. Microsoft Defender tags Office updates as ransomware.
16. Apple releases security updates for multiple products.
16. Emotet malware campaign impersonates the IRS.
16. Google Releases Security Updates for Chrome.
16. Third-gen Surface Pro X receives latest firmware update.
15. Android trojan persists on the Google Play Store since Jan.
15. VirusTotal releases updated extension for Chrome & Firefox.
15. German government advises against using Kaspersky antivirus.
15. Latest Firefox update removes Russian search providers.
14. Mac OS Monterey 12.3 is out with Universal Control & more.
14. Microsoft & Oracle have fixed an old Windows 11 known issue.
14. QNAP warns severe Linux bug affects most of its NAS devices.
14. Windows 11 update block removed for VirtualBox users.
13. This Week in Security – Mar 13 – by Zack Whittaker.
13. Fake Valorant cheats on YouTube infects with RedLine stealer.
12. TP-Link routers sending customer data to Avira without consent.
12. Android malware steals your Google Authenticator MFA codes.
12. Firefox Relay update brings larger attachment sizes, more.
12. With its Spectre patch, AMD CPUs are not as sloppy as Intel’s.
12. AMD issues fix for Spectre v2, most desktop CPUs are still vul.
11. Intel CPUs are losing performance with the Spectre BHI patch.
11. Credential-stealing trash panda crawls into Telegram.
08. Android’s March security updates fix three critical bugs.
08. Windows 10 KB5011487 & KB5011485 updates released.
08. Adobe releases security updates for multiple products.
08. Microsoft releases updates for Windows 7 and 8.1.
08. Windows 11 KB5011493 update released with bug fixes.
08. Microsoft March Patch Tuesday fixes 71 flaws, 3 zero-days.
08. HP patches UEFI firmware bugs allowing malware infections.
08. Mozilla releases Firefox 98 with automatic downloads.
08. Google phasing out reverse image search in Chrome, fix.
07. AMD PCs are stuttering on Windows 10 & 11 due to fTPM bug.
07. Novel attack turns Amazon devices against themselves.
07. Linux bug gives root on all major distros, exploit released.
07. PowerToys 0.56.2 released to address FancyZone bugs & more.
07. Dozens of COVID passport apps put user’s privacy at risk.
07. Govt officials impersonated in widespread extortion schemes.
06. This Week in Security – Mar 6 – by Zack Whittaker.
06. Weekend tip: Don’t move your printer spooler files.
05. Firefox receives update to patch two ‘critical’ security exploits.
05. SharkBot malware hides as Android antivirus in Google Play.
05. Google, Microsoft, Apple, & Mozilla work to improve browsers.
04. Amazon: Charities, aid orgs in Ukraine attacked with malware.
04. The Week in Ransomware – The Conti Leaks.
04. Russia-Ukraine war exploited as lure for malware distribution.
04. Microsoft Edge 99 is here with custom primary passwords.
03. T-Mobile data breach victims warned of identity theft risks.
03. Is it still safe to defer? – by Susan Bradley.
03. Defender reports a false positive – by Susan Bradley.
02. Medical infusion pumps vulnerable to years old critical bug.
02. Google Chrome 99 is out with 28 security fixes.
01. March Office non-Security Updates are now available.
01. TeaBot malware is back in Google Play Store targeting US users.
01. eBike phishing sites abuse Google Ads to push scams.
01. Russian-themed credential harvesting target Microsoft accounts.
01. Chrome 99 coming with improved PWAs & a JS spec change.